Best Practice BPM Suite, SOA Suite and ADF tips and tricks from real life experiences

BPM ADF Task forms. Checking whether the current user is in a BPM Swimlane

So this blog entry will focus on BPM Swimlane roles and users from a ADF context.

So we have an ADF Task Details Form and we are in the process of making it richer and dynamic in functionality. A common requirement could be to dynamically show different areas based on the user logged into the workspace. Perhaps even we want to know even what swim-lane role the user belongs to.

It is is a little bit harder to achieve then one thinks unless you know the trick.

The Challenge

The tricky part here is that the ADF Task Details Form is in fact part of a separate J2EE application to the main workspace. So if you try to use Java or Expression Language to get the logged in user you will only find anonymous and none of the BPM Roles you will be expecting. So what to do?

The Magic

First add the BC4J Security library to your view project.

Then Restart JDeveloper.

Now find the web.xml file in the view project of your ADF Task Details Application and look for the JpsFilter section. Then add in the following section.

Then in your dynamic part of your ADF form you can now check whether the user logged into the BPM Workspace belongs in a BPM swim-lane in any BPM process. The best way to do this is by using expression language in the JSF page itself. Here I am simply changing the rendered flag to either true or false and thereby hiding or showing a section.

Perhaps you are re-using the same form for a task in an approver swim-lane and ordinary user swimlane. So we only want the approver to see this field.

So call the built in function to check if the user is a member of the BPM swim-lane role. The name of the role must be of the syntax BPMProject.RoleName

<af:outputText value="This will only be rendered when the user is part of the BPM Swimlane Role
rendered="#{securityContext.userInRole['BPMProjectName.Rolename']}"/>

Now you must redeploy your ADF Task Form project

Now (in the image above) the text will ONLY get rendered in the Task Details Form only if the user logged into the workspace is a member of the swimlane Unsecure of the BPM project SimpleTask

Does this approach allow for looking at user roles across applications - where I want to check if a user is a member of a particular group space in web center assuming you add that app definition in your adf init-param?

Hi Christopher,
I followed your simple instructions but they don't make the magic on my system (I'm working with the demo virtual machine provided by oracle that has a BPM Suite 11.1.1.6).
Do you know why?

Thanks for your replay Christopher,
and I understand your point but there is not much to say:
- I added the BC4J library in my view project
- I restarted JDeveloper as you said
- I Added in the web.xml exactly where you said the
<init-param>
<param-name>application.name</param-name>
<param-value>OracleBPMProcessRolesApp</param-value>
</init-param>
- I redeployed my application
(in fact these are trivial tasks, not much options to mistake them)
nevertheless I keep getting anonymous if for example I put a <af:inputText label="userName" id="it4" value="#{securityContext.userName}"/> in my jspx page, and a 'false' in whatever group I put in #{securityContext.userInRole['MyApp.MyRole']} even if I can browse the very same group in the OracleBPMProcessRolesApp through the Enterprise Manager 11g console).
The only extra info that I could give you is that I'm using the BPM Suite versione 11.1.1.6.0 and the oracle pre-prepare vm soabpm-vm available for download.
What am I missing?
Thanks

About

Christopher Karl Chan

Christopher is a Principal Solutions Architect in the FMW Architects team aka the A-Team.
The A-Team is the central, technical, outbound team as part of the FMW Development organization working with Oracle's largest and most important customers.